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Claims 1-29 have been examined. 



Claim Rejections - 35 USC§ 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-29 are rejected under 35 U.S.C. 102(e) as being anticipated by Rueda 
et al.(US 2002/0112076) 

1 . As per claim 1 , Rueda et al. teach a method of virtual private networking, 
comprising: receiving a request from at least one user for at least one address Upon 
receiving an ARP request from (A), [0144] that can be translated by a second DNS 
server; detecting that the at least one address cannot be translated by a first DNS 
server, wherein the first DNS server is then in use by the user; Requests are made to 
DNS servers for the IP addresses that map to the appropriate domain-names. (It is 
expected that the typical client be configured for a local DNS server. In any event, the 
DNS server that it is configured for would provide the same services as any other DNS 
server except in the resolution of local and/or private domain-names. [0108], 
redirecting the request from the first DNS server to a gateway, wherein the gateway 
directs the request to the second DNS server, (The System detects any ARP requests 
that are generated on the client-side network. These would be present as the clients 
attempt to discover the physical address of the network adapters bound to a particular 
IP address. Common ARP requests would be for a client's specified gateway for 
accessing IP addresses that are not on their subnet. [0106] and wherein the second 
DNS server resolves the request and returns the address to the gateway; and receiving. 
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from the gateway, the requested address formatted according to the first DNS server. 
(All DNS queries are transparently peroxide to a DNS server accessible to the System 
server. If the name is not resolved, it is assumed that the DNS request was for that of a 
local or private IP address. In this case the System returns the System client-side IP 
address as it attempts to emulate any local machine. A common occurrence that falls in 
this category would be to resolve the specified HTTP proxy. [0109]) 

2. As per claim 2, wherein the first DNS server is a dial-in server for an ISP. (This 
server would also have a connection to an ISP [0063]) 

3. As per claim 3, wherein said receiving a user request comprises receiving a user 
request over at least one communication media selected from the group consisting of a 
modem, a cable modem, and a DSL. (This server would also have a connection to an 
ISP in whatever manner was desired (leased line, cable modem, or modem dial-up). 
[0063]) 

4. As per claim 4, wherein the first DNS server is a familiar server associated with a 
dial-in service, (configured for dial-up Internet access (i.e. using a modem or ISDN line) 
[0173]) 

5. As per claim 5, wherein the first DNS server is an unfamiliar server associated 
with a dial-in service, (configured for dial-up Internet access (i.e. using a modem or 
ISDN line) [0173]) 

6. As per claim 6, the method further comprising installing a client, wherein the 
client performs said receiving a request from a user, detecting, and receiving the 
requested address. (The System detects any ARP requests that are generated on the 
client-side network. These would be present as the clients attempt to discover the 
physical address of the network adapters bound to a particular IP address. Common 
ARP requests would be for a client's specified gateway for accessing IP addresses that 
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7. As per clainn 7, the nnethod wherein the user request received is for an internal 
address, (internal and external IP addresses. [0168]) 

8. As per claim 8, the method wherein said detecting comprises: attempting to 
obtain a resolution of the requested address by the first DNS server; failing to receive a 
resolution from the first DNS server. (It is expected that the typical client be configured 

for a local DNS server. In any event, the DNS server that it is configured for would 
provide the same services as any other DNS server except in the resolution of local 
and/or private domain-names. Since these domain-names would not be local when 
using the System (mobile client), resolution for these would not be required. [0108], If 
the name is not resolved, it is assumed that the DNS request was for that of a local or 
private IP address. In this case the System returns the System client-side IP address 
as it attempts to emulate any local machine. A common occurrence that falls in this 
category would be to resolve the specified HTTP proxy. [0109]) 

9. As per claim 9, the method wherein the first DNS server is an external DNS 
server. (Since the proxy must masquerade as all external systems, [0168] 

10. As per claim 10, the method wherein said detecting further comprises activating 
a switch, wherein the switch, when inactive, points to the first DNS server, and, when 
active, points to the gateway, (the solution is to use of an Ethernet switch workgroup 
switch, LAN switch, switched hub, or Layer 2 switch. Ethernet switches are a relatively 
new class of interconnect product which provide the capability to increase the aggregate 
LAN bandwidth dramatically, because it allows for the simultaneous switching of 
packets between ports [3]. Each port on the Ethernet switch is attached to a shared 
segment (in our case a single client). Each shared segment can be allocated an internal 
bandwidth equal to 10 Mbps, allowing for an aggregate throughput of several times that 
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of a single 10Base-T shared segment. A similar solution for the realization of increased 
aggregate bandwidth is provided by segmentable hubs. [0146] and [0147]) 

11. As per claim 1 1 , the method wherein said redirecting comprises: translating a 
first address of the first DNS server to a second address of the gateway, (InterProxy 
then dynamically sets up a session to translate traffic into a valid IP address between 
the user and other network resources such as the Internet or local printers. [0020]) 
wherein the gateway redirects the request to the second DNS server, (the System need 
to redirect this packet to the System server-side and the server-side network adapter 
card will receive this packet normally.[0358]) 

12. As per claims 12 and 18, the method wherein said translating comprises 
overriding the first address of the first DNS server, (override learned IP addresses in a 
network [0011]) 

1 3. As per claims 1 3 and 1 7, the method wherein said redirecting further comprises 
encrypting communication to the gateway. (The PPP packets are then encrypted and 
tunneled through the new virtual connection, and the client is now a virtual node on the 
corporate LAN, one that just happens to be located across the Internet. [0175]) 

1 4. As per claim 1 4, the method wherein the gateway unencrypts the communication 
prior to directing the communication to the second DNS server, (the System need to 
redirect this packet to the System server-side and the server-side network adapter card 
will receive this packet normally.[0358]) 

1 5. As per claim 1 5, the method further comprising receiving at least one security 
check before said redirecting to the gateway, (a security mechanism may be introduced 
at the proxy server itself. Most commercial proxy programs come equipped with the 
ability to allow connections through only a certain number of interfaces. [0168]) 
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1 6. As per claim 1 6, a redirector that redirects a domain name service inquiry from a 
domain name server that cannot resolve the inquiry to a domain name service server 
that can resolve the inquiry, comprising: a client; at least one switch on said client; a 
gateway communicatively connected to said client; wherein said switch receives at least 
one domain name service inquiry directed to a first domain name server from said 
client; and wherein, upon activation of said at least one switch, said switch redirects the 
at least one domain name service inquiry to at least one second domain name server 
through said gateway, which at least one second domain name server returns to said 
gateway a resolution of the at least one domain name service inquiry. (It is expected 
that the typical client be configured for a local DNS server. In any event, the DNS server 
that it is configured for would provide the same services as any other DNS server 
except in the resolution of local and/or private domain-names. Since these domain- 
names would not be local when using the System (mobile client), resolution for these 
would not be required. [0108], If the name is not resolved, it is assumed that the DNS 
request was for that of a local or private IP address. In this case the System returns the 
System client-side IP address as it attempts to emulate any local machine. A common 
occurrence that falls in this category would be to resolve the specified HTTP proxy. 
[0109]) and (the System need to redirect this packet to the System server-side and the 
server-side network adapter card will receive this packet normally.[0358]) 

17. As per claim 1 9, the redirector wherein the user activates override, (the step is 
inherent, because in this case only user can activate the override). 

1 8. As per claim 20, the redirector wherein said override is activated only when the 
first domain name server cannot resolve the at least one domain name service inquiry. 
(It is expected that the typical client be configured for a local DNS server. In any event, 
the DNS server that it is configured for would provide the same services as any other 
DNS server except in the resolution of local and/or private domain-names. Since these 
domain-names would not be local when using the System (mobile client), resolution for 
these would not be required. [0108], If the name is not resolved, it is assumed that the 



Application/Control Number: 09/770,932 
Art Unit: 2143 



Page 7 



DNS request was for that of a local or private IP address. In this case the System 
returns the System client-side IP address as It attempts to emulate any local machine. A 
common occurrence that falls in this category would be to resolve the specified HTTP 
proxy. [0109]) 

1 9. As per claim 21 , wherein said override overrides all domain name service 
Inquiries upon activation, (the step is inherent, because that is the function of override in 
the domain name service inquiries). 

20. As per claim 22, the redirector of claim 1 6, further comprising a destination, 
wherein the resolution includes the destination, and wherein said at least one-second 
domain name server returns to gateway information from the destination. (FIG. 2 is a 
schematic illustration of by which the System Retrieves the destination address from the 
client table using source IP and port number. [0072]) 

21 . As per claim 23, the redirector wherein said gateway comprises an address 
ovenwriter that changes a destination address on the at least one domain name service 
inquiry from the first domain name server to the second domain name server, (the 
solution to the problem of getting packets destined for a client with the same IP address 
as another client is to correct the result returned when the System server does a lookup 
in its ARP table or issues an ARP request. This is accomplished by storing the 6 byte 
Ethernet (MAC) address of all clients using the System server for the duration of each 
connection. Once stored, this Ethernet address is used to overwrite all destinations, 
Ethernet addresses entered into packets by the OS using traditional ARP services 
before the packets are sent out to the clients. [0135]). 

22. As per claim 24, the redirector wherein said gateway further returns the 
resolution to said client, and wherein said address overwriter overwntes a second 
address of the second domain name server with a first address of the first domain name 
server within the resolution for return to said client, (the solution to the problem of 
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getting packets destined for a client witli the sanne IP address as another client is to 
correct the result returned when the System server does a lookup in its ARP table or 
issues an ARP request. This is accomplished by storing the 6 byte Ethernet (MAC) 
address of all clients using the System server for the duration of each connection. Once 
stored, this Ethernet address is used to overwrite all destination Ethernet addresses 
entered into packets by the OS using traditional ARP services before the packets are 
sent out to the clients. [0135]) 

23. As per claim 25, the redirector wherein the communicative connection comprises 
an ISP connection, (This server would also have a connection to an ISP [0063]) 

and wherein the communicative connection comprises an encrypted connection, (the 
PPP packets are then encrypted and tunneled through the new virtual connection, and 
the client is now a virtual node on the corporate LAN, one that just happens to be 
located across the Internet. [0175]) 

24. As per claim 24, the redirector wherein said client comprises a VPN client, and 
wherein said gateway comprises a VPN gateway, and wherein said switch comprises 
software code resident on said VPN client, (this code deals with receiving IP packets 
from any System clients and dealing with them appropriately. [0289]) 

25. As per claim 25, the redirector wherein said VPN client comprises software 
resident on at least one computer, (installation of server software [0015]) 

26. As per claim 26, a virtual private network using domain name service proxy that 
redirects a domain name service inquiry from a first domain name server that cannot 
resolve the inquiry to a second domain name service server that can resolve the inquiry, 
comprising: a user computer in communicative connection with a VPN client; at least 
one switch within said VPN client; a VPN gateway communicatively connected to said 
VPN client; wherein said switch receives at least one domain name service inquiry 
directed to the first domain name server from said VPN client; wherein, upon activation 
of said at least one switch, said switch redirects the at least one domain name service 
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inquiry away from the first domain name server to the second domain name server 
through said gateway, by sending at least one encrypted payload including therein the 
at least one domain name service inquiry to said gateway, which gateway then 
unencrypts the payload and sends the payload to the second domain name server; and 
wherein the second domain name server returns to said gateway a resolution of the at 
least one domain name service Inquiry, wherein the resolution Includes therein 
Information from a destination address for the at least one domain name service inquiry; 
and wherein said gateway encrypts the information and returns the information to said 
VPN client, (the solution is to use of an Ethernet switch workgroup switch, LAN switch, 
switched hub, or Layer 2 switch. Ethernet switches are a relatively new class of 
interconnect product which provide the capability to Increase the aggregate LAN 
bandwidth dramatically, because it allows for the simultaneous switching of packets 
between ports [3]. Each port on the Ethernet switch is attached to a shared segment (in 
our case a single client). Each shared segment can be allocated an internal bandwidth 
equal to 10 Mbps, allowing for an aggregate throughput of several times that of a single 
10Base-T shared segment. A similar solution for the realization of increased aggregate 
bandwidth is provided by segmentable hubs [32]. [0146], [0147]) and (It Is expected that 
the typical client be configured for a local DNS server. In any event, the DNS server that 
it is configured for would provide the same services as any other DNS server except in 
the resolution of local and/or private domain-names. Since these domain-names would 
not be local when using the System (mobile client), resolution for these would not be 
required. [0108] If the name is not resolved, it is assumed that the DNS request was for 
that of a local or private IP address. In this case the System returns the System client- 
side IP address as it attempts to emulate any local machine. A common occurrence that 
falls in this category would be to resolve the specified HTTP proxy. [0109]) and (the 
System need to redirect this packet to the System server-side and the server-side 
network adapter card will receive this packet normally. [0358]) 



27. As per claim 27, a virtual private network, comprising: means for receiving a 
request from at least one user for at least one address that can be translated by a 
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second DNS server; means for detecting that the at least one address cannot be 
translated by a first DNS server, wherein the first DNS server is then in use by the user; 
means for redirecting the request from the first DNS server to a gateway, wherein the 
gateway directs the request to the second DNS server, and wherein the second DNS 
server resolves the request and returns the address to the gateway; and means for 
receiving, from the gateway, the requested address formatted according to the first DNS 
server, (the solution is to use of an Ethernet switch workgroup switch, LAN switch, 
switched hub, or Layer 2 switch. Ethernet switches are a relatively new class of 
interconnect product which provide the capability to increase the aggregate LAN 
bandwidth dramatically, because it allows for the simultaneous switching of packets 
between ports [3]. Each port on the Ethernet switch is attached to a shared segment (in 
our case a single client). Each shared segment can be allocated an internal bandwidth 
equal to 10 Mbps, allowing for an aggregate throughput of several times that of a single 
lOBase-T shared segment. A similar solution for the realization of increased aggregate 
bandwidth is provided by segmentable hubs [32]. [0146], [0147]) and (It is expected that 
the typical client be configured for a local DNS server. In any event, the DNS server that 
it is configured for would provide the same services as any other DNS server except in 
the resolution of local and/or private domain-names. Since these domain-names would 
not be local when using the System (mobile client), resolution for these would not be 
required. [0108] If the name is not resolved, it is assumed that the DNS request was for 
that of a local or private IP address. In this case the System returns the System client- 
side IP address as it attempts to emulate any local machine. A common occurrence that 
falls in this category would be to resolve the specified HTTP proxy. [0109]) and (the 
System need to redirect this packet to the System server-side and the server-side 
network adapter card will receive this packet normally. [0358]) 
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Conclusion 



Any inquiry concerning this comnnunication or earlier connnnunications from the 
examiner should be directed to Mitra Kianersi whose telephone number is (703) 305- 
4650. The examiner can normally be reached on 7:O0AM-4:O0PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David Wiley can be reached on (703) 308-5221 . The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Mitra Kianersi 
May/18/2004 
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